

Milestone 1

The final topology for the entire project is shown below:

For the first milestone (20th Oct - 4th Nov 2023), we will work only with the first 2 branches (Bucharest and IT), the DMZ area (where the servers are located), and the router.

Week 1

In the first week, let's start with a simpler topology:

If you did not attend the last lab, please read this page first.

Your tasks are the following:

1. Create the nodes (see the tutorial here) and connect them accordingly. For the server, add 2 interfaces (make sure to select them when creating the node): connect the first one to Cloud0 and the second to the router.

2. Add IPs based on the topology (.1 for the router and .2 for the Linux machine) and the required routes. At the end, make sure that the Linux machines can ping one another.

3. Install Docker (engine and client) on the server instance (hint: snap) and start a web server on port 80 (using the httpd image). For a Docker tutorial, use this page.

4. Make sure that the web server is reachable from linux_client1 and linux_it1.

5. Deny all traffic from any IP to port 80 on the server by adding a rule in the INPUT chain. Does it work? Why not?

6. Add an iptables entry to the DOCKER-USER chain to permit access only from the 10.10.10.0/24 subnet, but not from 10.20.20.0/24. More details can be found here (understand the difference between INPUT and DOCKER-USER). Test that the server is not accessible from the IT instance, but is accessible from client1.

7. Install and start the ssh service on the server machine. Do not permit traffic from 10.10.10.0/24, but permit it from 10.20.20.0/24. To which chain do you need to add the rule? Test the ssh connection from both machines (branch 1 and 2).
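
The rule set that tasks 5 to 7 lead to, as an added example that is not part of the original lab page. It prints the iptables commands by default and installs them only with APPLY=1 as root; the interface name `ens4` and the helper names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lab page): rules for tasks 5-7.
# Dry run by default; set APPLY=1 and run as root to install the rules.

EXT_IF="${EXT_IF:-ens4}"   # assumption: server interface that faces the router
WEB_OK="10.10.10.0/24"     # subnet allowed to reach the httpd container
SSH_OK="10.20.20.0/24"     # subnet allowed to reach sshd on the host
SSH_NO="10.10.10.0/24"     # subnet denied ssh

# Print the iptables command; execute it only when APPLY=1.
run() {
    printf 'iptables %s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    fi
}

# Task 5: looks right but never matches the published port. Docker DNATs the
# packet to the container address in nat/PREROUTING, so it is routed through
# FORWARD (where DOCKER-USER is called) and is never delivered to INPUT.
input_rule_task5() {
    run -A INPUT -p tcp --dport 80 -j DROP
}

# Task 6: filter in DOCKER-USER. Matching the original (pre-DNAT) destination
# port via conntrack keeps the rule tied to the published host port, and -i
# limits it to inbound traffic so container-initiated connections are untouched.
web_rules() {
    run -I DOCKER-USER -i "$EXT_IF" -p tcp \
        -m conntrack --ctorigdstport 80 --ctdir ORIGINAL \
        ! -s "$WEB_OK" -j DROP
}

# Task 7: sshd is a host process, so its packets are delivered through INPUT.
ssh_rules() {
    run -A INPUT -p tcp --dport 22 -s "$SSH_OK" -j ACCEPT
    run -A INPUT -p tcp --dport 22 -s "$SSH_NO" -j DROP
}

web_rules
ssh_rules
# Inspect packet counters after testing from linux_client1 and linux_it1:
#   iptables -L DOCKER-USER -n -v ; iptables -L INPUT -n -v
```

After installing the rules, the per-rule packet counters show which chain actually saw the traffic from each branch.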

sred/milestone_1.1697808572.txt.gz · Last modified: 2023/10/20 16:29 by horia.stoenescu
CC Attribution-Share Alike 3.0 Unported